Hi,
My task was to configure our existing openldap (debian wheezy 2.4.31-1+nmu2) to use use monitor backend. The main problem is that our (BDB backed) database has empty suffix (for historical reason).
If the monitor defined later under the /etc/ldap/slapd.d then the BDB, slapd fails to start, because BDB database would hide the monitor.
database init failed (monitor) 52b038c0 olcDatabase: value #0: "monitor" database serving namingContext "cn=Monitor" is hidden by "bdb" database serving namingContext "". (monitor) 52b038c0 config error processing olcDatabase={2}monitor,cn=config: "monitor" database serving namingContext "cn=Monitor" is hidden by "bdb" database serving namingContext "".
If it's defined before the bdb, then the slapd starts, but ldapsearch give 'no such object' for cn=Monitor. (should not be permission issue) It was doesn't matter if i included 'olcSubordinate: true' in the monitor. When I added a non-empty suffix to the bdb in the devel environment, the monitor worked, but this can't be the solution for our prod servers.
monitor backend is defined by:
dn: olcDatabase=monitor objectClass: olcDatabaseConfig olcDatabase: monitor olcAccess: {0}to * by read olcSubordinate: TRUE
A colleague is concerned about the performance loss because of the monitor backend. Does monitor use significant resources in a heavily used slapd?
Thanks, Dancsa